Computer viruses and worms replicate themselves by inserting copies into other programs or documents. Viruses are pieces of code that piggyback on other programs, while worms are self-contained and use network vulnerabilities to spread. Notable examples include the Morris worm of 1988, which was the first to gain widespread attention, and the MyDoom virus of 2004, which caused major internet disruptions through distributed denial of service attacks. Prevention methods against viruses, worms, and other malware include software updates, antivirus programs, and more secure operating systems.
Computer Viruses and Worms Explained
1. Computer Viruses and Worms
Dragan Lojpur
Zhu Fang
2. Definition of Virus
A virus is a small piece of software that piggybacks on real programs in order to get executed.
Once it’s running, it spreads by inserting copies of itself into other executable code or documents.
4. Worms
Worm - is a self-replicating program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.
5. History of Worms
The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, who at the time was a graduate student at Cornell University.
It was released on November 2, 1988.
Morris himself was convicted under the US Computer Crime and Abuse Act and received three years probation, community service and a fine in excess of $10,000.
Xerox PARC
6. Worms…
Worms – is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
They are often designed to exploit the file transmission capabilities found on many computers.
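The scanning step described on this slide is also what makes a worm visible to defenders: one source suddenly contacts many distinct hosts on the same port, and most attempts fail. The following is an added example, not part of the original slides; the log format, thresholds and function names are assumptions, and the flow records are constructed.

```python
from collections import defaultdict, deque

def parse_flow(line):
    """Parse 'epoch src dst dport outcome' (assumed format) into a tuple."""
    ts, src, dst, dport, outcome = line.split()
    return float(ts), src, dst, int(dport), outcome

def find_scanners(lines, window=60.0, min_targets=10, min_fail_ratio=0.5):
    """Return {(src, dport): peak distinct-target count} for sources whose
    fan-out on one port within `window` seconds reaches min_targets while
    at least min_fail_ratio of those connections failed."""
    recent = defaultdict(deque)   # (src, dport) -> deque of (ts, dst, outcome)
    alerts = {}
    for ts, src, dst, dport, outcome in sorted(map(parse_flow, lines)):
        q = recent[(src, dport)]
        q.append((ts, dst, outcome))
        while q and ts - q[0][0] > window:    # expire events outside the window
            q.popleft()
        targets = {d for _, d, _ in q}
        failed = sum(1 for _, _, o in q if o != "ok")
        if len(targets) >= min_targets and failed / len(q) >= min_fail_ratio:
            key = (src, dport)
            alerts[key] = max(alerts.get(key, 0), len(targets))
    return alerts

# Constructed sample data (not real traffic).
SAMPLE = (
    # A workstation talking repeatedly to the same two servers: normal.
    [f"{1000 + i * 5} 10.0.0.5 10.0.1.10 443 ok" for i in range(20)]
    + [f"{1002 + i * 7} 10.0.0.5 10.0.1.20 445 ok" for i in range(10)]
    # A host sweeping a subnet on one port; most attempts fail.
    + [f"{1010 + i} 10.0.0.23 10.0.2.{i + 1} 445 "
       f"{'ok' if i % 6 == 0 else 'fail'}" for i in range(30)]
)

if __name__ == "__main__":
    for (src, dport), n in find_scanners(SAMPLE).items():
        print(f"possible worm scanning: {src} -> {n} hosts on port {dport}")
```

The failure-ratio condition keeps busy but legitimate clients (proxies, monitoring hosts) from alerting on fan-out alone.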
7. Zombies
Infected computers — mostly Windows machines — are now the major delivery method of spam.
Zombies have been used extensively to send e-mail spam; between 50% and 80% of all spam worldwide is now sent by zombie computers.
9. Typical things that some current Personal Computer (PC) viruses do
Display a message
10. Typical things that some current Personal Computer (PC) viruses do
Erase files
Scramble data on a hard disk
Display a message
Cause erratic screen behavior
Halt the PC
Many viruses do nothing obvious at all except spread!
11. Distributed Denial of Service
A denial-of-service attack is an attack that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.
12. How it works?
The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users.
Victim's IP address.
Victim's port number.
Attacking packet size.
Attacking interpacket delay.
Duration of attack.
MyDoom – SCO Group
14. MyDoom
26 January 2004: The Mydoom virus is first identified around 8am. Computer security companies report that Mydoom is responsible for approximately one in ten e-mail messages at this time. Slows overall internet performance by approximately ten percent and average web page load times by approximately fifty percent.
15. MyDoom…
27 January: SCO Group offers a US $250,000 reward for information leading to the arrest of the worm's creator.
1 February: An estimated one million computers around the world infected with Mydoom begin the virus's massive distributed denial of service attack—the largest such attack to date.
2 February: The SCO Group moves its site to www.thescogroup.com.
16. Executable Viruses
Traditional Viruses
pieces of code attached to a legitimate program
run when the legitimate program gets executed
loads itself into memory and looks around to see if it can find any other programs on the disk
17. Boot Sector Viruses
Traditional Virus
infect the boot sector on floppy disks and hard disks
By putting its code in the boot sector, a virus can guarantee it gets executed
load itself into memory immediately, and it is able to run whenever the computer is on
18. Decline of traditional viruses
Reasons:
– Huge size of today’s programs, which are stored on a compact disk
– Operating systems now protect the boot sector
19. E-mail Viruses
Moves around in e-mail messages
Replicates itself by automatically mailing itself to dozens of people in the victim’s e-mail address book
Example: Melissa virus, ILOVEYOU virus
20. Melissa virus
March 1999
the Melissa virus was the fastest-spreading virus ever seen
Someone created the virus as a Word document uploaded to an Internet newsgroup
People who downloaded the document and opened it would trigger the virus
The virus would then send the document in an e-mail message to the first 50 people in the person's address book
21. Melissa virus
Took advantage of the programming language built into Microsoft Word called VBA (Visual Basic for Applications)
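Because macro viruses of this kind travel inside the document itself, a mail gateway or analyst can triage attachments by checking whether a VBA project is present at all. The following is an added example, not part of the original slides; the function name is hypothetical, the sample bytes are constructed, and the check is a heuristic that reports macro presence, not malice.

```python
import io
import zipfile

# OLE2 compound-file header used by legacy .doc/.xls files.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Stream name of a VBA project; OLE2 directory entry names are UTF-16LE.
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")

def macro_triage(data: bytes) -> str:
    """Classify a file as 'ole-macro', 'ooxml-macro', 'no-macro' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary document: look for the VBA project stream name.
        return "ole-macro" if VBA_STREAM in data else "no-macro"
    if data.startswith(b"PK"):
        # Possibly OOXML (.docx/.docm): a ZIP with [Content_Types].xml.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "not-office"
        if "[Content_Types].xml" not in names:
            return "not-office"
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        return "ooxml-macro" if has_vba else "no-macro"
    return "not-office"

def _zip(members):
    """Build an in-memory ZIP with placeholder contents (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in members:
            z.writestr(name, b"constructed")
    return buf.getvalue()

# Constructed samples: minimal byte strings, not real documents.
SAMPLES = {
    "legacy-macro.doc": OLE_MAGIC + b"\0" * 504 + VBA_STREAM,
    "legacy-plain.doc": OLE_MAGIC + b"\0" * 504 + "WordDocument".encode("utf-16-le"),
    "report.docm": _zip(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"]),
    "report.docx": _zip(["[Content_Types].xml", "word/document.xml"]),
    "archive.zip": _zip(["readme.txt"]),
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {macro_triage(blob)}")
```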